From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from elaine.keithp.com (home.keithp.com [63.227.221.253]) by sourceware.org (Postfix) with ESMTPS id AC1053865491 for ; Thu, 9 Jul 2020 23:59:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org AC1053865491 Received: from localhost (localhost [127.0.0.1]) by elaine.keithp.com (Postfix) with ESMTP id 38BAA3F2CDC7 for ; Thu, 9 Jul 2020 16:59:04 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at keithp.com Received: from elaine.keithp.com ([127.0.0.1]) by localhost (elaine.keithp.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 9HHqsSNHzRMT; Thu, 9 Jul 2020 16:59:03 -0700 (PDT) Received: from keithp.com (67-40-10-69.tukw.qwest.net [67.40.10.69]) by elaine.keithp.com (Postfix) with ESMTPSA id C86B03F2CDC4; Thu, 9 Jul 2020 16:59:03 -0700 (PDT) Received: by keithp.com (Postfix, from userid 1000) id 90A6E15821AA; Thu, 9 Jul 2020 16:58:55 -0700 (PDT) From: Keith Packard To: newlib@sourceware.org Subject: [PATCH 3/4] libc/iconv: find_alias was mis-computing remaining alias table length Date: Thu, 9 Jul 2020 16:58:47 -0700 Message-Id: <20200709235848.3496713-3-keithp@keithp.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200709235848.3496713-1-keithp@keithp.com> References: <20200709235848.3496713-1-keithp@keithp.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: newlib@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2020 23:59:07 -0000 This caused the strnstr to walk off the end of the alias array and fetch invalid data. Instead of attempting to update 'len', just re-compute it based on the table end pointer that is already known. Signed-off-by: Keith Packard --- newlib/libc/iconv/lib/aliasesi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newlib/libc/iconv/lib/aliasesi.c b/newlib/libc/iconv/lib/aliasesi.c index d04cebb57..ef5ce4109 100644 --- a/newlib/libc/iconv/lib/aliasesi.c +++ b/newlib/libc/iconv/lib/aliasesi.c @@ -115,7 +115,7 @@ search_again: && (p+l == table_end || isspace (*(p+l)) || *(p+l) == '\n'))) { ptable = p + l; - len -= table - p; + len = table_end - ptable; goto search_again; } -- 2.27.0